package weiyao.xinxidasai.config.Redis;

import com.google.common.hash.Funnels;
import org.springframework.stereotype.Component;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;

@Component("sqlInjectionBloomFilter")
public class SqlInjectionBloomFilter {
    private static final String[] INVALID_CHARS = {
            "'", "\"", ";", "--", "/*", "*/",
            " OR ", " AND ", "EXECUTE", "INSERT",
            "SELECT", "UPDATE", "DELETE", " UNION ",
            "DROP", "XP_", "TRUNCATE", "1=1",
            "VARCHAR(", "CHAR(", "WAITFOR DELAY"
    };

    private final BloomFilter filter;


    public boolean containsInjection(String input) {
        return Arrays.stream(INVALID_CHARS)
                .anyMatch(keyword -> input.toUpperCase().contains(keyword))
                || filter.mightContain(input.toUpperCase());
    }

    public SqlInjectionBloomFilter() {
        this.filter = new BloomFilter(INVALID_CHARS.length, 0.001);
        Arrays.stream(INVALID_CHARS).forEach(filter::add);
    }


}